Threat Description

Swamp

Details

Summary

This is not a virus, but a hoax which was originally distributed on April Fools'
Day in 1996. Ignore it.

Removal

Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

More

Detailed instructions for F-Secure security products are available in the documentation found in the Downloads section of our Home - Global site.

You may also refer to the Knowledge Base on the F-Secure Community site for further assistance.

Technical Details

Here's the original hoax:

---HOAX MESSAGE STARTS---

SWAMP VIRUS

Synopsis

A new extremely threatening virus has been discovered. Its key features are

it is a hardware based virus

it can be transmitted over any communications network

it does not require executable code to travel

it is a targetable virus i.e. the virus can be set to target a particular PC or group
of PCs

it is immune to existing anti-virus software

Introduction

This is a brief paper summarising what is known about the new virus. Techniques for
preventing infection are proposed.

Virus Description

The new virus has become known as the Swamp Virus. Its official reference number
is 01/0496.

Type

The Swamp Virus is a hardware based virus. It attacks the internal hardware of the
PC causing electrical problems. These in turn cause software problems rendering the
PC completely unusable. In many cases the PC will become usable again once it has
got over the "attack"; in others the PC is effectively destroyed.

Transport

The Swamp Virus can only be transmitted directly over the Internet or other communications
network. It does not have to be executable code; it can be carried on any data stream
whatsoever. It cannot be conducted from PC to PC via floppy disk.

Technique

It works by utilising TCP/IP, the communications and internetworking protocols, at
a very low level. Indeed it is attached to data streams at the bit level.

Background

Experts in many countries have been working on ways to improve the carrying capacity,
or bandwidth, of existing networks using techniques such as multiplexing. Scientists
from the Avril Institute in Bern, Switzerland, have developed a technique whereby
a small number of molecules of various substances can be attached to data at the bit
level. Their goal is to cease using the bit as a data item and to use it merely as
a carrier for the data. The data is physically mapped onto the molecules using the
protons and electrons, the neutrons and neutrinos being used for control information
and parity checking. Use of this technique will expand the capacity of a network
by the data capacity of the molecules. The data carrying capacity of the bit will
depend on the size of the attached molecules. The only identified drawback with this
development is that a high speed communications link is required. This is because
the molecules must remain in a gaseous state to stay attached to the bit. To remain
in this state they require the friction - and consequent heat - developed by the high
speed link. As soon as the friction and heat are removed the molecules condense and
lose their data carrying capacity as well as their attachment to the bit.

Impact

This technological advance has been seized upon by an Anarchist Hacker Group - the
April I Group. They have stolen equipment from the Avril Institute and have been
using it to attach water molecules in a gaseous form to the bit streams generated
by TCP/IP when sending emails. As soon as the email is received by your PC it loses
the friction from the high speed link and the water molecules condense within the
data bus on the motherboard.

This causes electrical problems, and, in the case of large emails, total destruction
of the motherboard due to "swamping".

Risk

It is believed that the April I Hacker Group - are planning to flood the Internet
with vast quantities of email messages during the early part of April with particular
emphasis being placed on the 1st - the anniversary of the day their self-appointed
leader was arrested and charged with breaking out of a secure Government computer
system.

Protection

It is strongly recommended that you do not receive any email on that day. This will
provide 100% protection for your PC. Unfortunately, however, it is thought that many
of the hundreds of mail servers on the Internet may suffer damage as your email messages
are held by them pending retrieval. As your messages will be held on disk, the absence
of friction over the communications network will cause the water molecules to condense
from their gaseous form, damaging the motherboards on the mail servers.

Emails received after this date will be quite safe as the attached water molecules
will have already condensed from the email bit stream.

Further information can be obtained from Professor P. Ranque at the Avril Institute.
Email p_ranque@avril.fuel.edu

---HOAX MESSAGE ENDS---

Description Details: Mikko Hypponen, F-Secure
